Re: Vista's OV header

---

• From: "Alexander Grigoriev" <alegr@xxxxxxxxxxxxx>
• Date: Sat, 30 Sep 2006 20:53:16 -0700

---

Process created suspended doesn't even start loading and mapping any
executables.

"Arno Schoedl" <aschoedl@xxxxxxxxxxxxxx> wrote in message
news:1159649324.094310.28880@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

To answer my own question, the header still starts with MZ, but I fell
victim to Vista's "Address Space Load Randomization". Even the main
module of a process is no longer loaded at the address indicated in the
.EXE file on disk. This leaves me with my real problem: I am creating a
process CREATE_SUSPENDED, and need to know its entry point. I was
hopeful with EnumProcessModules, but it returns failure when called
right after suspended process creation. The Visual Studio debugger also
cannot list the modules that early. Any ideas?

TIA,

Arno

.

---

• Follow-Ups:
  • Re: Vista's OV header
    • From: Arno Schoedl

• References:
  • Vista's OV header
    • From: Arno Schoedl
  • Re: Vista's OV header
    • From: Arno Schoedl

• Prev by Date: Re: mutex overkill ?
• Next by Date: Re: mutex overkill ?
• Previous by thread: Re: Vista's OV header
• Next by thread: Re: Vista's OV header
• Index(es):
  • Date
  • Thread

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)